QwikSec

Security Database

CVE

CWE

Training

CVE-2007-5229

Published: Oct 5, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

Cross-site request forgery (CSRF) vulnerability in the FeedBurner FeedSmith 2.2 plugin for WordPress allows remote attackers to change settings and hijack blog feeds via a request to wp-admin/options-general.php that submits parameter values to FeedBurner_FeedSmith_Plugin.php, as demonstrated by the (1) feedburner_url and (2) feedburner_comments_url parameters.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20071003 Hijacking Feeds with Feedburner

mailing-list

x_refsource_FULLDISC

feedburner-feedsmith-plugin-csrf(36940)

vdb-entry

x_refsource_XF

third-party-advisory

x_refsource_SECUNIA

exploit

x_refsource_EXPLOIT-DB

http://blogsecurity.net/wordpress/feedburner-feed-hijacking/

x_refsource_MISC

vdb-entry

x_refsource_BID

http://blogsecurity.net/wordpress/feedsmith-feedburner-vulnerability-fixed/

x_refsource_MISC

http://blogs.feedburner.com/feedburner/archives/2007/10/the_feedsmith_plugin_newly_for.php

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.